Search Results for: supply chain risk management

CISA Unveils 2 Resources From ICT Supply Chain Risk Management Task Force

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the publication of two new resources to help mitigate threats facing the information and communications technology supply chain. The ICT SCRM Task Force is a public-private partnership sponsored by CISA’s National Risk Management Center (NRMC) and seeks to improve ICT supply chain resilience and security. 

GAO: Federal Agencies Should Implement ICT Supply Chain Risk Management Practices

The Government Accountability Office (GAO) has called on federal agencies to take action on its recommendations to fully implement the foundational practices for managing supply chain risks associated with information and communication technologies. During that month, the congressional watchdog reported that none of the 23 civilian agencies had fully carried out the foundational ICT SCRM practices. 

Daniel Kroese, Associate Director of DHS’ National Risk Management Center, Announced as a Panelist for Potomac Officers Club’s 2019 Secure Supply Chain Forum on July 18th

Daniel Kroese, associate director of the National Risk Management Center for the Department of Homeland Security, will be featured as a panelist during Potomac Officers Club’s 2019 Secure Supply Chain Forum on July 18th.

NIST Seeks Security Platforms for Data-Centric Security Management Project

Data-Centric Security

The National Institute of Standards and Technology (NIST) has asked industry and other interested stakeholders to provide products that could help demonstrate security technologies for a project meant to facilitate data-centric security management. NIST is seeking letters of interest to help the National Cybersecurity Center of Excellence (NCCoE) work with tech companies to address cyber challenges identified in the project titled Data Classification Practices: Facilitating Data-Centric Security Management.

Federal Acquisition Security Council Issues Final Rule on Supply Chain Risk Info Sharing

Supply Chain Security

The Federal Acquisition Security Council (FASC) has released a final rule to facilitate the sharing of information on supply chain risks and exercise its authority to recommend issuance of orders requiring the removal of IT products and services from executive agency information systems or exclusion of covered articles from future procurements.

NIST Seeks to Improve Software Supply Chain Security With Two Guidelines

Critical Software

The National Institute of Standards and Technology (NIST) has issued two documents meant to improve the integrity and security of the software supply chain in accordance with an executive order seeking to strengthen U.S. cybersecurity. NIST developed the two documents by hosting virtual workshops and soliciting position papers to gather feedback and insights from the public.

Sens. Gary Peters, Ron Johnson Introduce Supply Chain Security Training Act

Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., have proposed a bipartisan bill that would require the General Services Administration (GSA) to coordinate with the Office of Management and Budget (OMB) and departments of Defense (DOD) and Homeland Security (DHS) to establish a training program to help federal officials protect information technology supply chains against cyberthreats.

Julie Dunne: Federal Acquisition Security Council Could Help Government Address Supply Chain Risk

Julie Dunne, former commissioner of the General Services Administration's (GSA) Federal Acquisition Service (FAS), wrote in a commentary that the U.S. government should recognize the Federal Acquisition Security Council (FASC) and how it could help address supply chain security risks facing agencies. “The FASC presents an opportunity for a unified federal government approach in partnership with vendors to address supply chain risk in federal acquisitions,” she said.

CISA, NIST Post Document on Securing Software Supply Chain

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks, a document containing information on software supply chain risks and providing guidance on the application of frameworks from NIST for cyber supply chain risk management and secure software development.
